Functional Encryption Resilient to Hard-to-Invert Leakage

Functional encryption (FE) systems provide a flexible and expressive encryption mechanism that private keys and ciphertexts are associated with attributes (x) over right arrow and predicate formulae Gamma and decryption are possible whenever keys and ciphertexts are related, i.e. Gamma((x) over right arrow) = 1. In this work, we put forward a leakage-resilient FE scheme against the amount of leakage output over a hard-to-invert function family. In our scheme, the encryption policy is specified as an arbitrary monotonic formula, and the adversary can learn the arbitrary length output of the master key and the private key from any computationally irreversible function with the input (master) keys. To improve the efficiency, we employ the set of minimal sets to describe the predicate formula or access structure, and initiate the formal model of leakage-resilient FE, which is a generic extension of identity-based encryption and attribute-based encryption in the presence of key leakage with auxiliary inputs. We provide the concrete construction in bilinear groups of composite order, and prove the adaptively leakage-resilient security in the standard model based on static assumptions. Our hard-to-invert leakage resilience employs the Goldreich-Levin theorem and its extension as a hard-core value over large fields. We also give an extensional construction in the case of obtaining the hard-to-invert randomness leakage of the encryption, which uses a strong extractor to prevent leakage of randomness and a hard-to-invert encryption to prevent the leakage of the key. Finally, we analyze and discuss the stepped-up security on master leakage and continual leakage, and the lower bound of the irreversible leakage function.